I'm a Fellow at the Adam Smith Institute in London, a writer here and there on this and that and strangely, one of the global experts on the metal scandium, one of the rare earths. An odd thing to be but someone does have to be such and in this flavour of our universe I am. I have written for The Times, Daily Telegraph, Express, Independent, City AM, Wall Street Journal, Philadelphia Inquirer and online for the ASI, IEA, Social Affairs Unit, Spectator, The Guardian, The Register and Techcentralstation. I've also ghosted pieces for several UK politicians in many of the UK papers, including the Daily Sport.

The CloudFlare Outage: Security Comes From A Diversity Of Suppliers

It’s a useful general rule that true security comes from having a diverse system of suppliers. Of course, no system at all is 100% perfect but having a number of different suppliers based in different places is likely to give the greatest security one can get. The outage that CloudFlare had is a good example of this. Here’s an excellent little piece describing what went wrong:

This is one of the aspects of the Internet’s reliability that continues to worry me. It includes some very large, complex distributed systems owned by a range of companies (Microsoft, Google, CloudFlare, Facebook etc.) but within those companies there is a natural tendency to standardise on a single vendor and small range of devices to perform key functions like edge routing. The Internet as a whole is very diverse in technologies and software, which is why it is so robust, but we are going to keep seeing these large entities suffering large if not global outages as long as they value economy of scale in purchasing and maintenance over true system diversity. Worse, if multiple companies standardise on the same hardware, you get problems like the Juniper BGP routering vulnerability that nailed Blackberry maker RIM and a number of ISPs.

The basic problem they faced was that all of their edge routers were from Juniper. And when they were hit with an oddity (something that is near inevitable in something as complex as the internet) then all of them went over at the same time. The suggested solution is that at least one edge router in each of their data centres should not be a Juniper one in the future.

This is a story about the internet: but the basic lesson is much wider than that. It is a diversity of supply that produces security. This is true of food just as much as it is of networking.

I’m sure we’ve all heard the people telling us that we must only eat locally grown food. Indeed, this is often termed “food security”, on the basis that no Johnny Foreigner can deprive us of our vital food supplies. The problem with this is that it’s not only nefarious foreigners that can deprive us of our food. Mother Nature herself does a pretty good job of it through the weather often enough. Further, weather tends to be quite local when it’s being extreme. So hailstones might destroy a crop in one locality when another, 20 miles away, is left entirely untouched. Or floods, droughts, whatever, they affect specific areas only rather than the entire planet at the same time.

We also know what used to happen when people did rely purely upon local food supplies. If these sorts of events happened then they died of starvation. Secure food supplies do not therefore depend upon eating from only one’s own geographic area. Entirely the contrary in fact, true food security means gaining food from many different geographic areas so that a failure of the crops in any one of them makes only a marginal difference to your ability to eat.

Yes, this is different from networking: but the same underlying point is true. Security comes from a diversity of suppliers. You don’t want to be in the situation where one single event can completely wipe out your ability to do business (or, in the case of food, continue living).

I think the ultimate example of this that I’ve seen was back in the 1990s. There was a fire at a factory in Japan. And within a few weeks DRAM chips started to get much more expensive. Without anyone ever really noting it, the entire world depended on that one Japanese factory for the glue to stick the chips into their casings. That one factory that was now a pile of smouldering rubble.

Diversity of supply is the key to security: and it’s usually worth making sure that you have an alternative supplier always available. Even to the point of making modest payments, or of splitting your orders, just to make sure that that alternative supplier is always there. Yes, this is more expensive than standardisation on only the one supplier: but then insurance policies do indeed cost money.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.